CCI-000336

CCI-000336 Definition

| Status | |
| Type | CheckType.policy |

Master Assessment Datasheet

Implementation Guidance

Determine if:

- the impacted controls are implemented correctly with regard to meeting the security requirements for the system after system changes.
- the impacted controls are implemented correctly with regard to meeting the privacy requirements for the system after system changes.
- the impacted controls are operating as intended with regard to meeting the security requirements for the system after system changes.
- the impacted controls are operating as intended with regard to meeting the privacy requirements for the system after system changes.
- the impacted controls are producing the desired outcome with regard to meeting the security requirements for the system after system changes.
- the impacted controls are producing the desired outcome with regard to meeting the privacy requirements for the system after system changes.

Validation Procedures

Examine: [SELECT FROM: Configuration management policy; procedures addressing security impact analyses for changes to the system; procedures addressing privacy impact analyses for changes to the system; privacy risk assessment documentation; configuration management plan; security and privacy impact analysis documentation; privacy impact assessment; analysis tools and associated outputs; change control records; control assessment results; system audit records; system component inventory; system security plan; privacy plan; other relevant documents or records].

Interview: [SELECT FROM: Organizational personnel with responsibility for conducting security and privacy impact analyses; organizational personnel with information security and privacy responsibilities; system/network administrators; security and privacy assessors].

Test: [SELECT FROM: Organizational processes for security and privacy impact analyses; mechanisms supporting and/or implementing security and privacy impact analyses of changes].